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Abstract 

The interpolation step of Guruswami and Sudan's list decoding of Reed-Solomon 
codes poses the problem of finding the minimal polynomial of an ideal with respect 
to a certain monomial order. An efficient algorithm that solves the problem is pre- 
sented based on the theory of Grobner bases of modules. In a special case, this 
algorithm reduces to a simple Berlekamp-Massey-like decoding algorithm. 
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1 Introduction 



Interpreting the key equation of I Welch and Berlekampl (119861 ) as a problem of 



finding a plane curve interpolating points with a certain weighted degree con- 



straint, ISudanl (119971 ) developed list decoding of Reed-Solomon codes. Soon 



afterward, using the co n cept o f multiplicity at a point on an algebraic curve, 



Guruswami and Sudani (119991 ) improved Sudan's list decoding so that it is 
capable of correcting more errors than conventional decoding algorithms for 
all rates of Reed-Solomon codes. The list decoding consists of two steps: the 
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interpolation step and the root-finding step, each of which poses a problem 
that can be solved in various ways. Since the interpolation problem can be 
solved by finding a solution of a system of linear equations over a field, they 
simply asserted the existence of a polynomial time algorithm solving the inter- 
polation problem, thus leaving it as an open problem to search for an efficient 
interpolation algorithm. 



Severa l authors, includi ng iNielsen and Hoholdt lO'Keeffe and Fitzpatrickl 

(2002). lMcEliecel (20031) in his pre sentation of Kotter's algorithm. lAlekhnovich 
( 120051 ). and iFarr and Gaol (120051 ). formulated the interpolation problem as a 
problem of finding the minimal polynomial, with respect to a weighted mono- 
mial order, of the ideal of polynomials interpolating certain points. Their in- 
terpolation algorithms, except Alekhnovich's, take basically a "point by point" 
approach in the sense that they build a Grobner basis of the ideal for points 
{Pi, P 2 , . . . , P n } by recursively computing a Grobner basis of the ideal for 
{Pi,..., Pi} while i increases from 1 to n. In this paper, we also take the 
Grobner basis perspective, but employ a different strategy. We start with a 
set of generators of the module induced from the ideal for {Pi,P 2 , . . . ,P n } 
and convert the generators to a Grobner basis of the module, in which the 
minimal polynomial is found. This results in an efficient algorithm solving the 
interpolation problem. 



In Section 2, we briefly review Guruswami and Sudan's list d ecoding o f Reed- 
Solom on codes. A more detailed treatment can be found in iMcEliecd (120031 ) 
and in lGuruswamil (120051 ). In Section 3, we formulate the interpolation problem 
in a Grobner basis perspective. The basics of Grobner bases that we assumed 
in this paper can be found in I Cox et al.l (119971 . 120051 ) . In Sections 4-6, our 
interpolation algorithm is presented and analyzed. In Section 7, we treat the 
special case of multiplicity one and list size one. 



2 List Decoding of Reed-Solomon Codes 



Let F be a finite field. Denote by ¥[x] s the set of polynomials with degree < s, 
which is an s-dimensional subspace of ¥[x] as F-vector spaces. Fix n distinct 
points ati, «2, . . • , a n from F. Note that the evaluation map ev : F[x] n — > F" 
defined by / i— ► (f(a>i), /(a^), . . . , /(a n )) is an isomorphism of F-vector spaces. 
The inverse map ev -1 is given by Lagrange interpolation as follows. Define 

n 

hi = Yl ( x ~ a j)-> an d hi = hi(ai)~ hi (1) 
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so that hi(oij) = 1 if j = i, and otherwise. For v — (t>i, t> 2 , . . . , v n ) G F n , we 
write 

n 

K = ^Vihi G ¥[x] n 
1=1 

so that h v = ev _1 (f ). For k < n, the Reed-Solomon code RS(n, k), defined as 
the image of ¥[x]k by ev, is an [n, k] linear code over F. 

For / G ¥[x, y] and u > 1, denote by deg u (/) the (1, u)- weighted degree of /. 
That is, variables x and y are assigned weights 1 and u respectively, and for a 
monomial x l y\ we define deg u (x l yi) = i + uj. For a polynomial /, we define 
deg u (/) as the maximal &eg u (x l yi) for monomials x l yi occurring in /. 

A nonzero polynomial in ¥[x, y] defines a curve on the plane F 2 . The multi- 
plicity of a curve / at the origin is defined to be the smallest m such that a 
monomial of total degree m occurs in the polynomial /. The multiplicity of a 
curve / at an arbitrary point P = (a, b) is defined as the multiplicity of the 
curve fp at the origin, where fp = f(x + a,y + b), and denoted by multp(/). 

Suppose that some codeword of RS(n, k) was sent through a noisy channel, 
and the vector v G F n is received by hard-decision on the channel ouput. For 
each 1 < % < n, let Pi denote the point (a*, i>$) on the plane F 2 . Now for 
m > 1, define 

I v , m = {/ G ¥[x, y] | mult P .(/) > m for 1 < % < n} U {0}, 



which is an ideal of W[x, y}. iGuruswami and Sudani (119991 ) proved 



Proposition 1 Let v G F n be the received vector. Suppose that f G I V}jn is 
nonzero. Let w = deg fe _ 1 (/). If c is a codeword ofKS(n,k) satisfying 

i \ w 
wtlv — c) < n , 

m 

then h c is a root of f as a polynomial in y over ¥[x]. 

This proposition is the basis of their list decoding algorithm. We recall that 
the goal of the interpolation step of list decoding is to find a polynomial in 
I v ^ m having the smallest (1, k — l)-weighted degree. Having the same weighted 
degree, the one with smaller degree in y is preferred because this reduces the 
work of the root-finding algorithm. 



3 Grobner Basis Perspective 



We observe that if / is an ideal of ¥[x, y], then the minimal polynomial of I with 
respect to a monomial order > is the minimal element of any Grobner basis of 
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the ideal / with respect to >. This is a direct consequence of the definition of 
Grobner bases. Let Q be the minimal polynomial of I v>m with respect to the 
monomial order >k-i of F[x, y]. As we observed, we can find Q by computing 
a Grobner basis of I v>m with respect to >k-i- However, computing a Grobner 
basis of an ideal is generally a task of high complexity. We overcome this 
difficulty by using the theory of Grobner bases of modules. 

Let / be a positive integer. Let ¥[x, y]i = {/ £ ¥[x, y] \ y-deg(f) < I}. We view 
¥[x, y]i as a free module over ¥[x] with a free basis 1, y, y 2 , . . . , y l . Monomials 
of the module W[x, y]i consist of x l y j with % > and < j < I. 

Note that a monomial order > on the ring ¥[x, y] naturally induces a monomial 
order on the module ¥[x, y]i, which we also denote by >. The notions of (1, u)- 
weighted degrees and y-degrees of monomials or polynomials in ¥[x, y] carry 
over to F[x, Thus > u is a monomial order on the module ¥[x, y]i. The 
notion of the minimal polynomial of a submodule of ¥[x, y]i is defined in the 
same way as for an ideal of ¥[x, y}. 

For I > 1, we define 

Iv,m,l Iv,m l~l F[x, y\l- 

Then I v , m j is a submodule of ¥[x, y][. The minimal polynomial Q of I VjTn with 
respect to >k-i is also the minimal polynomial of I VjTrij i with respect to >k-i 
if / is as large as the y-degree of Q. This enables us to find Q by computing a 
Grobner basis of the submodule l v ^ m ,i of the free module ¥[x, y]i with respect to 
>k-i- This task turns out to be much easier than that of computing a Grobner 
basis of the ideal I Vjjn because there is a simple criterion of Grobner bases for 
a submodule of ¥[x, y]i. The following is a trivial application of Buchberger's 
S'-pair criterion. 

Proposition 2 Let S be a submodule of¥[x, y]i with a monomial order >. 
Suppose that {go, gi, ■ ■ ■ , g s } generates S. If y- degrees of leading terms of gi 
for < i < s are all distinct, then {g , g\, . . . , g s } is a Grobner basis of S with 
respect to >. 

It is easy to identify a set of generators of I v , m ,i, from which we compute a 
Grobner basis. First we present a natural set of generators for the ideal I v>m . 

Proposition 3 As an ideal of¥[x, y\, 

I v ,m = {y- h v , V ) m = ((y - h v y V m - 1 \ 0<i<m), 

where r\ = l\j=i( x — a j)- 

PROOF. Let 

J = {{y - h^T]™- 1 \ 0<i<m). 



4 



Then J C I v<m since each generator of J is clearly in I v>m . To prove the reverse 
relation, let / G I v ^ m . By division with respect to y, we write 

f = g (y-h v ) m + f 

with y-deg(/ Q ) < m. Note that f G l^m since J C J„ jm . Let d = y-deg(/ ), 
and write 

f = g(y - h v ) d + f\ 
with g G ¥[x] and ?/-deg(/i) < d. Observe that for 1 < s < n, 

f (x + a s ,y + v s ) = g(x + a s )(y + v s - h v (x + a s )) d + fi(x + a s ,y + v s ) 
= g(x + a s )(y d ^ ) + fi(x + a Sj y + v s ). 

As fo has multiplicity at least m at P s , fo{x + a s , y + v s ) has no monomial of 
total degree less than m. Because y-deg(fi) < d, we see that g(x + a s ) must 
be divisible by x m ~ d , which implies (x — a s ) m ~ d divides g(x). Therefore we 
can write with some g± G ¥[x], 

n 

fo = gi(y-h v ) d l[(x-a l r- d + f 1 . 

We continue this until we eventually have fi = as ^/-degrees are decreasing. 
Then / G J. Hence I v>m = J. 

Corollary 4 Let I > m. As a submodule of¥[x,y]i over¥[x], 

Iv,m,i = ((y- MV^, y l '~ m (y - h v ) m \ 0<i<m,m<i' <l), 
where rj = YTj = i(x — a,). 



We ne ed an upper bound on y-deg(Q) to set I. As in iGuruswami and Sudan 
(119991 ). using the following 

Proposition 5 Let S be a subset of exponents of monomials of¥[x,y]. If \S\ 
is at least 

fm + l\ 

N = nl ^ ) +1 > ( 2 ) 

then there is a set of coefficients such that f = J2(i,j)&s fij x% y^ ^ s a nonzero 
polynomial in I Vjm . 

and counting the monomials ordered in >k-i, we can get 



, / 2iV 1 1 

y-de g (Q) <^— + 1 -- (3) 

We refer to the original source for a proof of the proposition and a detailed 
derivation of the upper bound. The derivation also implies that the upper 
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bound is larger than m as N is not less than the number of monomials from 
1 to y m inclusive ordered with respect to >fc_i. Henceforth we let I be the 
largest integer less than the upper bound. 

In the next section, we present an algorithm converting the set of generators 
of I v ,m,i given in Corollary 0] to a Grobner basis with respect to >k-i- 



4 A Grobner Basis Algorithm 

Let S be a submodule of ¥[x, y]i over ¥[x}. Suppose that {<7o, <7i, ■ ■ ■ ,9i} is a 
set of generators of S and satisfy y-deg(gi) = i for < i < I (equivalently 
the generators form a Grobner basis with respect to the lexicographical order 
with y > x). Fix a monomial order > u on ¥[x, y]i. The following algorithm 
computes a Grobner basis of S with respect to > u from g , gi, . . . , g\. 

Algorithm G. Let <7, = Y?j=o a ijy : ' f° r < i < / during the execution of the 
algorithm. 

Gl. Set r «- 0. 

G2. Increase r by 1. If r < I, then proceed; otherwise go to step G6. 
G3. Find s = y-deg(lt(g r )) . If s — r, then go to step G2. 
G4. Set d <— deg(a rs ) — deg(a ss ) and c <— lc(a rs )lc(a ss ) _1 . 
G5. (a) If d > 0, then set 

g r <— g r - cx d g s . 
(b) If d < 0, then set, storing g s in a temporary variable, 

9s * 9ri 9r * 9r ('9s- 

Go back to step G3. 
G6. Output {g , gi, . . . ,gi} and the algorithm terminates. 

The goal of the algorithm is to inductively process g , g 2 , . . . , gi such that they 
still generate S and y-deg(lt(^j)) = i for < i < I, so that {g , gi, . . . , gi} is a 
Grobner basis of S by Proposition [2J Note that initially we have 

90 = a oo 
9\ = any + a 10 

* 92 = 0,22V 2 + a-2\y + a 20 

91 = a u y l H h a l2 y 2 + a n y + a l0 

V 
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After increasing r by one in step G2, y-deg(lt(#i)) = i for < % < r — 1. 
Then the algorithm processes go, g±, . . . , g r by iterating steps G3-G5, until 
2/-deg(lt(cjr i )) = i for < i < r. Observe that g s and g r are updated in a way 
that the new go,g±, ■ ■ ■ ,gi still generate the module S. When the algorithm 
terminates, we have y-deg(\t(gi)) = i for < i < I as desired. 

We may view Algorithm G as an optimized version of Buchberger's algorithm. 
However, to prove directly that the algorithm terminates and hence output a 
Grobner basis is even easier. 

Proposition 6 Fix r > and suppose y-deg(lt(gi)) = i for < i < r. After 
a finite number of iterations through steps G3-G5, it eventually happens that 
y-deg(lt(#i)) = i for <i <r. 

PROOF. Observe that the update (a) does not change the weighted degrees 
of lt(gi) for < i < r while the update (b) strictly decreases the weighted 
degree of \t(g s ) but keeps the weighted degrees of \t(gi) for < i < r with 
i 7^ s. Therefore the update (b) could not occur infinitely many times. So from 
a certain point on, only the update (a) occurs. Now observe that the update (a) 
either strictly decreases the weighted degree of g r or otherwise the y-degree of 
lt(g r ) strictly decreases. Therefore the update (a) could not happen infinitely. 
Hence iterations must stop either by g r vanishing to zero or by the y-degree 
of lt(g r ) being r. However, the first case is not possible because go,g±, ■ ■ ■ ,g r 
form a rank r + 1 free module over ¥[x]. 

Unfortunately, the above proof does not allow us to estimate the complexity 
of the algorithm because we cannot know how many iterations of steps G3- 
G5 occur before the algorithm terminates. Hence we need to understand the 
behavior of the algorithm more carefully. 

Proposition 7 Let g ri = Ylj^^iV^ an d 9i = YIj=o a 'ijy^ < i < r be the 
states of the algorithm before and after step G5, respectively. Then for any 
non-identity permutation n = (n , 7Ti, . . . , ir r ), 



r r 



£deg(<4) > £deg(ay. 



(4) 



i=0 i=0 



Moreover if d > 0, then 



deg« r ) = deg(a rr ) and deg u (aj. j tf) < deg u (a rs y s ) 



(5) 



for j < r with strict inequality for j > s. Similarly if d < 0, then 



deg(c4 r ) = deg(a rr ) - d and deg u {a' rj y°) < deg u (a rs y s ) - d 



(6) 
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for j < r with strict inequality for j > s. 



PROOF. For induction, let us assume 

r r 

degKi) > de g( a «rJ ( 7 ) 

for any non-identity permutation tt. First consider the case d = deg(a rs ) — 
deg(a ss ) > 0, where Applying ([7]) to the transposition of 

s and r, we get deg(a rr ) + deg(a ss ) > deg(a rs ) + deg(a sr ), which implies the 
equality part of ([5]). The inequality part of ([5]) follows by noting deg u (a r j?/ J ) < 
deg u (a rs y s ) and 

deg u (x d a sj y J ) = deg u (a rs y s ) + (deg u (a sj y 3 ) - deg u (a ss y s )) < deg u (a rs y s ) 

for j < r with strict inequality for j > s and by noting for j = s the way that 
c and d is chosen. 

We turn to (j4]). By what we proved, the left hand side of (jlj equals J2l=o deg(ajj) 
For the right hand side, note that deg(a' rnr ) < deg(a r7Tr ) or deg(a' r7Tr ) = 
deg(a rs ) — deg(a ss ) + deg(a S7Fr ). If the first case holds, then S[ =0 deg(a' iw .) < 
Y7i=o deg(aj 7ri ), and (TjJ follows from ([7]). Supposing the second case, let Dij 
denote deg^a^-y 3 '). Then (jlj) is equivalent to 

Da > J2 + D «r. + D S7Tr + D rs - D ss . (8) 

To show dSJ), we need to treat two cases depending on whether s and ir r are 
in the same orbit or not, with respect to the permutation tt. First suppose s 
and 7i> are in the same orbit so that 

S ► 7T S ► ■ • ■ ► TT r > Vr(7T r ) > ■ ■ ■ > 1X~ X (s) ► S. 

Let S = {n r , 7r(7r r ), . . . , 7r _1 (s)}. Note that S is empty if ir r = s. Now the right 
hand side of (jSJ) equals 

^ ] ^iTTi ] Dini ~\~ D S7Ts -\- D rs D ss -\- D S7Tr 

ieS i$S,i^s,r ,„.. 

< E Ai + E + Aw. + D rs < Da- 

Here the first inequality holds since Da > for < % < r — 1 and < j < r 
by the algorithm. The second strict inequality follows from (J7J as we can check 
that the second indices of the terms in the middle expression of (Q are all 
distinct by the definition of S. 
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If s and ir r are not in the same orbit, then we have 

S > 7l s > 7t(7T s ) ► ■ ■ ■ ► 7T _1 (s) ► S, 

and let S = {n s , 7r(7r s ), . . . , 7r _1 (s)}. Note that S is empty if ti s = s. Now the 
right hand side of (jHD equals 

^ ] ^} ] ^i-Ki D S7Tr ~\- D rs -^SS D ' STT S 

< E A* + E A* + A* r + A s < E A, 

where the inequalities are justified by similar arguments as above. 

Let us now consider the case d < 0, where a' s j = a r j and 
We can verify (jBJ) in a similar way to the case d > 0, so we turn to (jl]). 
Since deg(aj. r ) = deg(a ss ) — deg(a rs ) + deg(a rr ), the left hand side of (j3J) 
equals Y^ =0 deg(a u ). As = x~ d a rnr - ca S7Tr , we have deg(a^) < deg(a S7r ,,) 
or deg(aj, 7rr ) = deg(a ss ) — deg(a rs ) + deg(a r7rr ). If the first case holds, then 
£[ =0 deg(a^) < £# a>r deg(a i7r J + deg(a nr J + deg(a S7rr ), and flU) follows from 
Suppose the second case, and let denote deg^a^y- 7 ). Note that (jl]) is 
equivalent to 

E A > E At* + Att s + A-ay + As - As- (10) 

To show this, we treat two cases depending on whether s and ir r are in the 
same orbit or not, with respect to the permutation ir. First suppose s and 7r r 
are in the same orbit so that 

S ► 7T S ► ■ • ■ ► 7T r ► Vr(7T r ) > ■ ■ ■ > 7T _1 (s) ► S. 

Let S = {ir r , 7r(7r r ), . . . , 7r _1 (s)}. Note that S is empty if 7i r = s. Now the right 
hand side of (fTO)) equals 

^ ] Di 7Ti ~\~ ^ ] Di ni ~\~ D r7Ts -\- D S s -Ors "I - D r7Tr 

< E A + E Att, + A*. + As < E A- 

iGS i^S,i^s,r i 

The first inequality holds since A« > Aj for < « < r — 1 and < j < r and 
As > Aj for < j < r by the way in which s is chosen. The second strict 
inequality follows from fl7|) since we can check that the right indices of terms 
in the middle expression of ffTTj) are all distinct. 

If s and 7r r are not in the same orbit, then we have 

7T S > 7r(7T S ) > ■ ■ ■ > ^(s) > s , 
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and let S = {n s , 7r(7r s ), . . . ,ir 1 (s)}. Note that S is empty if tt s = s. Now the 
right hand side of tTTUj) equals 

^ ] ^vKi ^ , Dj i7Ti -\- D r7Tr -\- D ss D rs -\- D r7Ts 
<EAi+ E D i7ri + D rnr + D ss <EAi, 

where the inequalities hold by the same reasons as above. 

Corollary 8 With the notation of the proposition, we have 

deg„(lt(^)) - deg u (a' rr y r ) < deg u (lt(sv)) - deg u (a rr y r ) 
If equality holds, then y-deg(\t(g' r )) < y-deg(\t(g r )). 

PROOF. Note that deg„(lt(g r )) = deg u (a rs y s ). Then the assertions are im- 
mediate from ([5]) and (Q. 



5 An Interpolation Algorithm 

Applying Algorithm G to the set of generators of I v>nij i in Corollary HI we 
obtain an interpolation algorithm for the list decoding of Reed-Solomon codes. 

Algorithm I. Given input v = (t>i,t>2, • • • ,v n ) and parameters m and /, this 
algorithm finds the minimal polynomial of I v , m ,i with respect to monomial 
order >k-i- Let g.; = Y}j=Q a ijU^ for < z < / during the execution of the 
algorithm. 

11. Compute h v = J2i=i v i^i- 

12. For < i < m, set 

n 

gt^iy-KYYKx-a.r-' 

3=1 

and for m < i < I, set 

9i - y l - m (y - h v ) m . 

Set r ^ 0. 

13. Increase r by 1. If r < I, then proceed; otherwise go to step 17. 

14. Find s = y-deg(lt(g r )) . If s = r, then go to step 13. 

15. Set d <— deg(a rs ) — deg(a ss ) and c <— lc(a rs )lc(a as ) -1 . 
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16. If d > 0, then set 

g r <-g r - cx d g s . 
If d < 0, then set, storing g s in a temporary variable, 

9s <- 9r, 9r <- - c# s . 

Go back to step 14. 

17. Let Q be the ^ with the smallest leading term. Output Q and the algo- 
rithm terminates. 

Example 9 Let F 7 = {0, 1, 2, . . . , 6} be the finite field with 7 elements. Let 
n = 6 and k — 3. Choose ctj = % for 1 < % < 6. We use RS(6, 3) over F 7 as an 
example. Suppose that v = (6,2,4,4,4,2) is the received vector. 

Let m — 2, and consider I v p. Let Q be the minimal polynomial of I v p with 
respect to > 2 . We set I = 3 > y-deg(Q). For our f , we have 

n 

h v = x A + 5x 3 + 4x 2 + 4x + 6, 77 = JJ (x - a^) = - 1. 

i=i 

Therefore 

4,2,3 = (^ 2 , (y - h v )rj, (y - h v ) 2 , y(y - h v f) 

= (r] 2 , rjy - rjh v: y 2 - 2h v y + h 2 v , y 3 - 2h v y 2 + h\y). 

Let go = i] 2 , gi = rjy — r)h v , and so on. Note that y-deg(gi) = i for < i < 3. 

We demonstrate Algorithm I by finding the minimal polynomial of 4,2,3- In 
the following, polynomials in ¥[x] are parenthesized with only leading terms 
shown. After steps II and 12, we have 

'go= (x 12 + ---) 

gi = (x 6 + ■ ■ ■ )y + (6x 10 + ■■■) 

< 

g 2 = y 2 + (5a; 4 + ---)y+ (x s + ■■■) 

9z = V 3 + (5x 4 + • • • )y 2 + (x 8 + • • • )y 

After step 13, r = 1. In step 14, we find s = y-deg(lt(<7i)) = 0. Since s ^ r, 
we go to step 15. Then d = — 2 and c = 6. So in step 16, g and gi is replaced 
with gi and x 2 g± — 6go, respectively. Then we have 

g = (x 6 + ■ ■ ■ )y + (Qx 10 + ■■■) 

gi= (x 8 + ■ ■ ■ )y + (2x u + ■■■) 

< 

g 2 = y 2 + (5x 4 + • • • )y + (x s + ■ ■ ■ ) 

J3 = y 3 + (5x 4 + • • • )y 2 + (x 8 + • ■ ■ )y 
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After one more update like this, we have 



90 = 

91 = 

92 = 

93 = V 3 + (5a; 4 + 



(x 6 + 
(x 8 + 
y 2 + (5a; 4 + 
)y 2 + (x 8 + 



)y + (6a; 10 + 
)y + (2a; 9 + 
)y + (x 8 + 



This time we find s = y-deg(lt(<7i)) = 1. Since s = r, we go to step 13, and 
increase r by one. In step 14, we find s = y-deg(\t(g 2 )) = 0. Since s ^ r, we go 
to step 15. Then d = — 2 and c = 6 _1 = 6. So in step 16, g and g 2 is replaced 
with g 2 and x 2 g 2 — 6go, respectively. Then we have 



9o= V 2 + (5a; 4 + 

gi = (x 8 + 

g 2 = x 2 y 2 + (6a; 6 + 

93 = y 3 + (5a; 4 + • • • )y 2 + (a; 8 + 



)y+ (x 8 + 

)y + (2x 9 + 

)y + (5a; 9 + 

)y 



The algorithm continues updating in the same way. After the final update, we 
have 



90 = 

91 = (x 2 + 
g 2 = y 3 + (6a; 3 + 
93 = xy 3 + (4a; 3 + 



y 2 + (5a; 4 H )y + (a; 8 + 

)y 2 + (6a; 6 + ■ ■ -)y + (5a; 7 + 



) 



)y 2 + (3x 5 + 
)y 2 + (3x 5 + 



)y + (4a; 7 + 
)y + (6a; 6 



+ •••) 



This set {go, gi, g 2 , g%} is a Grobner basis of I v ,2,3- The minimal polynomial is 
g 2 . So the algorithm terminates with output 

Q = y 3 + (6a; 3 + 4x + 5)y 2 + (3a; 5 + 6a; 4 + 4a; 3 + 6a; 2 + 6a; + 2)y 

+ 4x 7 + 4x 6 + 3x 5 + 3a; 4 + 4x 3 + 2x 2 + x + Q. 

Since Q has factorization 

(y + x 2 + 5x + 2)(y + 3x 2 + 4x + Q)(x 3 + Qy + 4x 2 + 5x + 3), 

a root-finding algorithm will output 6a; 2 + 2a; + 5 and 4a; 2 + 3a; + 1 with degree 
less than 3, each of which yields a codeword c with wt(v — c) < 2. 
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6 Complexity of the Interpolation Algorithm 

We give an upper bound on the number of multiplication operations in the field 
F required during the execution of Algorithm I. We assume that the operation 
of polynomial multiplication is done in the straightforward method such that 
a multiplication of two polynomials of degree a and h requires (a + l)(b + 1) 
multiplication operations over F. 

Step II requires at most 

m 

n 2 + J2 ~ l)(n - 1) + 1) = 0(n 2 m 2 ) 

i=2 

multiplication operations. Step 12 requires at most 

m i 

£ - ~ X ) + X )(( m - l ) n + l ) = 0(n 2 m 4 ) 

i=o j=0 

multiplication operations. To analyze the iterative steps 13-16, fix < r < m. 
Observe that at the start of the updating for g r , the leading term of g r is in 
a r o, and 

deg(a r0 ) - deg k _ 1 (a rr y r ) = &eg((-h v ) T ri m - r ) - deg k _ 1 (r ] m ~ r y r ) < (n - k)r. 

Then Corollary [S] implies that at most (n — k)r 2 updates take place for r. 
Hence the total number of updates for all < r < m is 

m 

y^X n ~ k)r 2 . 

r=0 

For each update, step 16 requires at most 

r 

y^(mn — j(k — 1) + 1) 

j=o 

multiplication operations, because it always holds that deg k _ 1 (gi) < mn for 
< i < m. For m < r < I, we can do a similar analysis. To summarize, steps 
13-16 take totally at most 

m r 

X] XX n — k)r 2 {mn — j{k — 1) + 1) 

r=0 j=0 

I r 

+ V] ~~ k)mr{mn + (r — m — j){k — 1) + 1) 

r=m+l j=0 

= 0(n 2 ml 4 ) 
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multiplication operations. As I can be set to 0(mn 1//2 /c _1//2 ) by Q, we conclude 
that an execution of Algorithm I takes 0(n 4 k~ 2 m 5 ) multiplication operations 
over F. 



7 A Special Case 



Let us consider Guruswami and Sudan's list decoding for the case m — I — 1. 
In this case, our interpolation algorithm becomes simplest and a root-finding 
algorithm is not necessary for decoding. Thus we obtain a simple decoding 
algorithm of Reed-Solomon codes. 

Let I v = I v ,i,i- We begin with considering the minimal polynomial of I v with 
respect to >k-i- Let ay + b be the minimal polynomial with a,b 6 ¥[x]. We 
want to have an upper bound on the (1, k — l)-weighted degree of ay + b. 
Proposition implies that the monomials occurring in ay + b belong to the 
first 7i+l monomials of W[x, y]i in the order >k-i- So we consider the following 
table of monomials of F[x, y]i ordered in >k-i 



1 x x 2 ■ ■ ■ x 



k-2 



y xy ■ ■ ■ x y x y x y 

Ou Ob ' Ob Ob oc 



where the ordering is from left to right and from bottom to top. Consider the 
first n + 1 monomials in the table. Let us index only the columns of length 
two so that the column containing x k ~ l has index 0. Let C be the index of 
the column in which (n + l)-th monomial lies. Then C is the smallest integer 
satisfying 

fc-l + 2(C+l) >n + l, 

namely C = |~(n — k)/2\. It follows that every monomial occurring in ay + b 
has (1, k — l)-weighted degree < k — l + C. We conclude that deg fc _ 1 (a?/ + b) < 
k - 1 + \{n - k)/2\. 

Proposition [T]allows us to exactly determine the form of the minimal polyno- 
mial of I v with respect to >k-i- 

Proposition 10 Let r = [(n — k)/2\. There is at most one codeword c sat- 
isfying wt(v — c) < r. Suppose that there is such a codeword c. Let e = v — c, 
and 

f e = II ( x - a i)- 

Then f e (y — h c ) is the minimal polynomial of I v with respect to >k-i- 



PROOF. Let ay + b be the minimal polynomial of /„ with respect to >fe_i. 
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Let w = deg fc _ 1 (a?/ + b). Since w < k — 1 + \{n — k)/2], we have 

n — w — l>n — k — \(n — k)/2] = r. 

Then Proposition [1] says that every codeword c satisfying wt(t> — c) < r yields 
a root h c of ay + 6. Since ay + b can have at most one root, it follows that 
there is at most one codeword c satisfying wt(w — c) < r. 

Suppose that c is such a codeword. Then ay + b = a(y — h c ). Let e = v — c. 
Since a(y — h c ) G /„, for each 1 < i < n, 

= a(a,i)(vi - h c (oii)) = a(a^e,i. 

When ti 7^ 0, we must have a{oti) = 0. Thus f e divides a. Since f e (y — h c ) E I v , 
the minimality of ay + b implies that ay + b = f e (y — h c ). 

We now assume that there occurred no more than r = [(n — k)/2\ errors to 
the sent codeword. Then Proposition [10] says that the sent codeword c is the 
unique codeword satisfying wt(v — c) < r, and the message polynomial h c 
is obtained by one division from the minimal polynomial of I v . On the other 
hand, Algorithm I is substantially simplified when it is applied to I v = I v ,i,x- 
Hence we have the following 

Decoding Algorithm D. Given the received vector v — (vi, i>2, • • • , v n ), this 
algorithm finds the message polynomial h c . The polynomials 77 = YYj = i{x — aj) 
and hi as in (CQ) for 1 < i < n are precomputed. 

Dl. Compute — h v = — YJi=\ v ihi- 
D2. Set 

A<-0, B^-r], C<-1, D< h v . 

D3. If deg(C) + k - 1 > deg(D), then go to step D6. 
D4. Set d «- deg(D) - deg(B) and c <- lc(D)lc(S) -1 . 
D5. If d > 0, then set 

C <- C - cx d A, D ^ D- cx d B. 

If d < 0, then set, storing A and B in temporary variables, 

A <- C, B ^ D, C <- x~ d C -cA, D <— x" d L> - cB. 

Go back to step D3. 
D6. Set /i < D/C. Output /i and the algorithm terminates. 

Recall that generalized Reed-Solomon codes are defined as a simple twist of 
Reed-Solomon codes. Hence it is straightforward to modify our decoding algo- 
rithm to work for generalized Reed-Solomon codes as well. Then the modified 
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algorithm decodes alternant codes up to half of the designed distance, as al- 
ternant codes are defined as subfield subcodes of generalized Reed-Solomon 
codes. For example the modified algorithm decodes BCH codes up to half of 
the designed distance. We leave the details to the reader. 



8 Conclusion 



We focused on the interpolation problem in Guruswami and Sudan's list de- 
coding of Reed-Solomon codes. Though we are well aware of the important 
extension of their idea for soft-decision decoding, we restricted our attention 
to hard-decision decoding where multiplicities are assigned uniformly. Here we 
just note that our results can be easily extended for soft-decision decoding of 
Reed-Solomon codes by finding a suitable set of generators of the ideal of in- 
terpolation polynomials fo r arbitrary points with arbitrary multiplicities. See 



Lee and O'SuUivanl (120061 ) for an extension in this direction. 



For the problem of computing a Grobner basis of the vanishing ideal of points 
with multiplicities on the plane, common wisdo m is to use Buchberger 's algo- 



rithm or the Marinari-Moller-Mora algorithm in iMarinari et al.l (119931 ). How- 
ever, for the application to decoding, either algorithm needs to be optimized 
exploiting the particular need of finding the Q-polynomial of the interpola- 
tion ideal, rather than the whole Grobner basis, with respect to the particular 
weighted monomial order. Here we presented such an optimized version of 
Buchberger's algorithm, though our presentation is self-contained and an ex- 
plicit complexity analysis is given. 

One may notice some similarities between our algorithm computing a Grobner 
basis of a module over a univariate polynomial ring and the algorithm of 



Alekhnovichl (120051 ) computing a reduced basis of a lattice over a univariate 
polynomial ring. Moreover, to compute the minimal polynomial of the interpo- 
lation ideal, both algorithms rely on a set of generators of the ideal. However, 
working with the module induced from the interpolation ideal, our interpo- 
lation algorithm computes the minimal polynomial of the ideal more directly 
and systematically than Alekhnovich's algorithm. We rema rk that our module - 



theoretic approach was inspired by the illuminating work of lFitzpatrickl (119951 ) . 
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